A recent Quocirca blog post pointed out there were good business reasons for disclosing data breaches as well as an increasing number of regulatory ones. For those organisations not convinced by these arguments and still intent on attempting to brush leaks under the carpet, there is new evidence that consumers think they should come clean too.
New research commissioned by LogRhythm, a vendor of SIEM (security information and event management) tools, surveyed 2,000 UK consumers and concludes that they are “losing patience with organisations that endanger their customers’ data”. Eighty percent were “concerned” about trusting organisation to keep their data safe from hackers, up 17% from a similar survey in 2010. Twenty-six percent assert they would “definitely” not transact with the affected organisation again, with a further 61% saying they would try to avoid future interactions.
Of course, for many, their bark will be louder than their bite; it is often said that a man is more likely to change his wife than his bank. However, what the research does show is that all the recent press coverage of data leaks has not gone unnoticed. There is widespread awareness amongst consumers of the issues and the responsibilities of organisation to who they entrust their data and the importance of disclosure.
SIEM tools help in two ways. First, they can monitor network traffic and help spot unusual activity, providing a feed to intrusion prevention systems (IPS) and data loss prevention (DLP) tools to block attempted data thefts. Second, they help clear up afterwards, enabling affected organisations to rapidly gather the information about what data has been lost and who has been affected. It is not good enough for an affected organisation to lazily issue a blanket warning to all customers, instead they should be in a position to inform those (and only those) whose data has definitely been compromised.
LogRhythm claims to be the biggest independent vendor of SIEM tools. This follows a recent round of acquisitions of its rivals by larger vendors. In 2010, HP acquired ArcSight, and this month two more intended acquisitions were announced; IBM targeting Q1 Labs while Nitro Security was approached by McAfee. There is no shortage of other vendors; for example, Symantec has its Security Information Manager and EMC/RSA has tools based around the acquisitions of Network Intelligence and enVision. However, this has not put off new entrants, such as Red Lambda, a high-end data processing vendor attempting to re-position itself in the network security market by treating it as a “big-data” problem.
Businesses rightly expect consumers to be careful with their confidential information, account details, login credentials and so on. In return, consumers should expect business to take good care of the same data and come clean when it is stolen or they have screwed-up and leaked it to the public domain.